CSE508: Network Security

Instructor: Amir Rahmati
Office Hours: Thu 10 – 12
Office Hour Location: NCS 359
Class Location: Light Engineering 102
Class Time: Tue/Thu 8:30 – 9:50
Prerequisites: Mature understanding of networked systems.
TA: Pratik Vaishnavi
TA Office Hours: By Appointment
TA Office Hour Location: NCS 334
Final Exam Time: December 11th, 11:15 AM - 1:45 PM
Final Exam Location: Light Engineering 102

Grading

Paper Responses: 25%
Final Exam: 25%
Research Project: 50%

Class Calendar

Readings

There are two mandatory readings for each class. It is your responsibility to read the papers and write a ~400-word critical response to each.

  • In the first paragraph:
    • State the problem that the paper tries to solve.
    • Summarize the main contributions.
  • In one or more additional paragraphs:
    • Evaluate the paper’s strengths and weaknesses.
    • Discuss something you would have done differently if you had written the paper.
    • Suggest one or more interesting open problems on related topics.

Your most important task is to demonstrate that you’ve read the paper and thought carefully about the topic.

Paper responses are due before the start of class via the online submission system. Use your Stony Brook email to sign up. For each submission, use the paper name as the title and write your review in the abstract box.

You will be asked to peer-review some of the submissions from your peers. Feel free to provide them feedback to help in their future submissions.

Research Project

Your course project should address an important, interesting open problem related to network security. It’s up to you to find a good topic, but I’m happy to discuss your project ideas individually and help you refine them.

Resources

We will set up a git repository for each group to upload their code and documents. If you need any additional resources, talk to me or one of the TAs and we will do our best to accommodate you.

Group Assignment

I recommend working in groups of 3 or 4. The larger the group, the more I’ll expect you to accomplish.

You can form your group in GitHub by going to this link.

Project Proposal

Your proposal should consist of a 3-4 page description of your project that includes the following:

  • Group: Group member names and uniqnames.
  • Title: What would you call the eventual paper or product?
  • Problem: A description of the problem you will address and why it is important.
  • Context: A brief survey of related work and past approaches to the problem.
  • Approach: How you will address the problem and how your approach differs from past work.
  • Evaluation: How you will test how well your approach works (e.g., experimental measurements).
  • Scope: What you plan to accomplish and deliver by the checkpoints and by the end of the semester.

Upload all your files in your group’s git repo and also submit the final PDF version of the proposal here.

Literature Review

Complete and submit a literature review for your project. Literature reviews should consist of a 2-4 page analysis of works related to your project’s area. Your review should not simply be a laundry list of related projects. It should synthesize the works into areas and themes, discuss how it relates to the research question you are exploring, discuss the knowns and unknowns in the space, and highlight any disagreements and controversies.

For a more detailed explanation of how to do a literature review, read this.

Upload all your files in your group’s git repo and also submit the final PDF version of the Literature Review here.

Progress Report

Write a concise status report (no more than three pages) answering the following questions:

  • Progress: What have you accomplished so far? What do you have left to do?
  • Schedule: Are you on track to complete what you proposed?
  • Obstacles: Have you encountered any surprises or unexpected problems?
  • Workarounds: If you’re having problems, how do you intend to solve them or work around them?
  • Preliminary results: Can you draw any preliminary conclusions from your results so far? Include data.

You’re also welcome to come see me if you need advice.

Upload all your files in your group’s git repo and also submit the final PDF version of the progress update here.

Presentation

The last week of class is set aside for the 1st Annual CSE 508 Security Symposium. Each group will prepare a presentation for the event and present their results in the format of a conference session.

Final Report

Your group’s final project report should be written in the style of a workshop or conference submission, like most of the papers we read this semester. Please include at least the following:

  • An abstract that summarizes your work.
  • An introduction that motivates the problem you are trying to solve.
  • A related work section that differentiates your contributions.
  • Section(s) describing your architecture or methodology.
  • Results and/or evaluation section(s), with data or figures to support your claims as appropriate.
  • A brief future work section explaining what is left to do.
  • Appropriate citations and references from the literature.
  • A brief paragraph containing a breakdown of each project member's contributions.

See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. The text must be formatted in two columns, using 10 point Times Roman type on 12 point leading, in a text block of 6.5” by 9”. We strongly encourage you to use LaTeX and the USENIX template files, and Overleaf might be a helpful collaboration platform.

Upload all your files in your group’s git repo and also submit the final PDF version of the final report here.

Ethics, Law, and University Policies

To defend a system, you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in the class is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. The EFF provides helpful advice on vulnerability reporting and other legal matters. If in doubt, we can refer you to an attorney.

Please review the Division of Information Technology policies on responsible use of technology resources, as well as the code of student responsibility. As members of the university, you are required to abide by these policies.

Amir Rahmati
Assistant Professor

Amir Rahmati is an Assistant Professor in the Department of Computer Science at Stony Brook University. He is the director of the Ethos Security and Privacy lab and a member of the Stony Brook National Security Institute.